Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (5.0/Cloud)

79033: Merged V4.2-BUG-FIX (4.2.4) to HEAD-BUG-FIX (5.0/Cloud) 78970: Merged DEV to V4.2-BUG-FIX (4.2.4) 78847: MNT-11760 : No auditing entries generated for failed logins with audit.alfresco-access.enabled=true configured Fixed audit logging for failed logins. 78848: MNT-11760 : No auditing entries generated for failed logins with audit.alfresco-access.enabled=true configured Fixed tests to highlight the issue. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@82681 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2014-09-03 15:12:17 +00:00
parent 3726796d43
commit b91927c48c
4 changed files with 42 additions and 9 deletions
--- a/source/java/org/alfresco/repo/audit/AuditComponent.java
+++ b/source/java/org/alfresco/repo/audit/AuditComponent.java
@@ -207,6 +207,19 @@ public interface AuditComponent
     */
    Map<String, Serializable> recordAuditValues(String rootPath, Map<String, Serializable> values);
    
+    /**
+     * The same as {@link AuditComponent#recordAuditValues(String, Map)}, but with controlled usage of userFilter
+     * 
+     * @param rootPath          a base path of {@link AuditPath} key entries concatenated with the path separator
+     *                          '/' ({@link AuditApplication#AUDIT_PATH_SEPARATOR})
+     * @param values            the values to audit mapped by {@link AuditPath} key relative to root path
+     *                          (may be <tt>null</tt>)
+     * @param useUserFilter     if <tt>false<tt> the user filter is disabled.
+     * @return                  Returns the values that were actually persisted, keyed by their full path.
+     * @throws IllegalStateException if the transaction state could not be determined
+     */
+    Map<String, Serializable> recordAuditValuesWithUserFilter(String rootPath, Map<String, Serializable> values, boolean useUserFilter);
+    
    /**
     * Find audit entries using the given parameters
     * 
--- a/source/java/org/alfresco/repo/audit/AuditComponentImpl.java
+++ b/source/java/org/alfresco/repo/audit/AuditComponentImpl.java
@@ -484,17 +484,21 @@ public class AuditComponentImpl implements AuditComponent
        }
    }

-    /**
-     * {@inheritDoc}
-     * @since 3.2
-     */
+    @Override
    public Map<String, Serializable> recordAuditValues(String rootPath, Map<String, Serializable> values)
+    {
+        return recordAuditValuesWithUserFilter(rootPath, values, true);
+    }
+    
+    @Override
+    public Map<String, Serializable> recordAuditValuesWithUserFilter(String rootPath, Map<String, Serializable> values, boolean useUserFilter)
    {
        ParameterCheck.mandatory("rootPath", rootPath);
        AuditApplication.checkPathFormat(rootPath);
        
        String username = AuthenticationUtil.getFullyAuthenticatedUser();
-        if (values == null || values.isEmpty() || !areAuditValuesRequired() || !userAuditFilter.acceptUser(username) || !auditFilter.accept(rootPath, values))
+        if (values == null || values.isEmpty() || !areAuditValuesRequired()
+                || !(userAuditFilter.acceptUser(username) || !useUserFilter) || !auditFilter.accept(rootPath, values))
        {
            return Collections.emptyMap();
        }
--- a/source/java/org/alfresco/repo/audit/AuditMethodInterceptor.java
+++ b/source/java/org/alfresco/repo/audit/AuditMethodInterceptor.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2005-2012 Alfresco Software Limited.
+ * Copyright (C) 2005-2014 Alfresco Software Limited.
 *
 * This file is part of Alfresco
 *
@@ -36,6 +36,7 @@ import org.alfresco.error.AlfrescoRuntimeException;
 import org.alfresco.error.StackTraceUtil;
 import org.alfresco.repo.audit.model.AuditApplication;
 import org.alfresco.repo.domain.schema.SchemaBootstrap;
+import org.alfresco.repo.security.authentication.AuthenticationException;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
 import org.alfresco.service.Auditable;
@@ -517,7 +518,17 @@ public class AuditMethodInterceptor implements MethodInterceptor
 		            {
 		                public Map<String, Serializable> execute() throws Throwable
 		                {
-		                    return auditComponent.recordAuditValues(rootPath, auditData);
+                            // Record thrown exceptions regardless of userFilter in case of failed authentication
+                            // see MNT-11760
+                            if (thrown instanceof AuthenticationException)
+                            {
+                                  return auditComponent.recordAuditValuesWithUserFilter(rootPath, auditData, false);
+                            }
+                            else
+                            {
+                                  return auditComponent.recordAuditValues(rootPath, auditData);
+                            }
+
 		                }
 		            };
 		            try